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Applicant(s) 
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Examiner 

Paul H Kang 
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The MAILING DATE of this communication appears on the cover sheet with the correspondence address 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )S Responsive to communication(s) filed on 02 September 2004 . 
2a)^ This action is FINAL. 2b)Q This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1^9 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claimfs) 1-6 is/are allowed. 

6) Q Claim(s) 7^9 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)^ The drawing(s) filed on 28 September 2000 is/are: a)^ accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1 .121(d). 
1 1 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-1 52. 

Priority under 35 U.S.C. § 119 

12)D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)Q None of: 

1 .D Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attach ment(s) 

1) □ Notice of References Cited (PTO-892) 4) D Interview Summary (PTO-413) 

2) □ Notice of Drattsperson's Patent Drawing Review (PTO-948) Paper No(s)/Mail Date. . 

3) □ Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) 5 ) D Notice of Informal Patent Application (PTO-1 52) 

Paper No(s)/Mail Date . 6) □ Other: . 



U.S. Patent and Trademark Office 
PTOL-326 (Rev. 1-04) 



Office Action Summary 
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DETAILED ACTION 

Allowable Subject Matter 

1 . Claims 1-6 are allowed. 

2. As to claims 1-6, the prior art of record teaches the invention substantially as claimed. Poletto teaches a system 
and method for thwarting coordinated SYN denial of service attacks (CSDos), wherein a predetermined fraction of SYN 
packets destined for a server is switched to a processor for analysis (paragraphs 0025-0031), establishing a TCP 
connection between the client and server, monitoring the timeout connections, wherein if the timeout connections exceeds 
a predetermined threshold, the connection is reset. 

However, the prior art of record does not explicitly teach controlling a network switch to divert a predetermined 
fraction of SYN packets destined for a server, to a web guard processor, and if after monitoring the timed-out connections 
exceeds a predetermined threshold, controlling the switch to divert aH SYN packets destined to said server to said web 
guard processor. The examiner finds applicants arguments presented in the response of September 2, 2004, page 3, line 6 - 
page 5, line 19 to be persuasive. 

Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections 
under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another filed in 
the United States before the invention thereof by the applicant for patent, or on an international 
application by another who has fulfilled the requirements of paragraphs (1), (2), and (4) of section 
371(c) of this title before the invention thereof by the applicant for patent. 

4. The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act of 1999 (AIPA) and the 
Intellectual Property and High Technology Technical Amendments Act of 2002 do not apply when the reference is a U.S. 
patent resulting directly or indirectly from an international application filed before November 29, 2000. Therefore, the 
prior art date of the reference is determined under 35 U.S.C. 102(e) prior to the amendment by the AIPA (pre-AIPA 35 
U.S.C. 102(e)). 
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5. Claim(s) 7-9 is/are rejected under 35 U.S.C. 102(e) as being anticipated by Poletto et al (US Patent 
Application Publication No. 2002/0031134 and Poletto hereinafter). 

6. As per claim(s) 7 Poletto discloses arranging a switch receiving said SYN packets destined to said server to 
forward said SYN packets to a TCP proxy arranged to operate without an associated cache, whereby said TCP proxy, 
when subject to a CSDOS attack, does not successfully establish a TCP connection with said malicious host, and no TCP 
connection is made from said TCP proxy to said server, thereby protecting said server from said attack, (See Paragraph 
0048-0055 and 0062-0072). 

7. As per claim(s) 8 Poletto discloses forwarding a statistical sampling of packets from a switch in said network to a 
processor, if packets in said sampling indicate an attack, alerting the operation of said switch to reduce the effects of said 
attack, (See Paragraph 0042-0048). 

8. As per claim(s) 9 Poletto teaches the claimed invention as described in claim(s) 8 above and furthermore 
discloses said switch is arranged to discard packets in the event an attack is detected, (See Paragraph 0060-0062). 

Response to Arguments 

9. The applicants argued in substance that: 

a. as to the anticipatory teachings of the prior art as to claim 7 as asserted by the examiner, the prior art 

cited teaches 'a monitoring process that includes the gateway or data collectors keeping track of a metric for each 
of N different traffic buckets. Each of these buckets 'are implemented as storage areas in the memory space of 
the data collector or gateway device.' Therefore, it is respectfully submitted that for at least this reason, it is 
submitted that Poletto does not teach at least the claimed feature of 'arranging a switch receiving said SYN 
packets destined to said server to forward said SYN packets to a TCP proxy arranged to operate without an 
associated cache ." 
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As to point a), the examiner respectfully disagrees. The language of the claim "a TCP proxy arranged to 
operate without an associated cache" is not interpreted as not having any capability of storing data, but rather as 
not caching data to enhancing user access. The data buckets of the prior art does not pertain to caching such data 
requested by the user, but stores data related to monitoring SYN packets which may be malicious. For these 
reasons, the applicants' arguments are not deemed to be persuasive. 

The applicants argued claims 8 and 9 depend on allowable independent claims, therefore did not 
present separate arguments. It is noted however that claim 8 is in independent form, and previous rejections are 
maintained. 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing 
date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the 
advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened 
statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1 .136(a) 
will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply 
expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to 
Paul H Kang whose telephone number is (571) 272-3882. The examiner can normally be reached on 9 hour flex. First 
Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner* s supervisor, Rupal Dharia can be 
reached on (571) 272-3880. The fax phone number for the organization where this application or proceeding is assigned is 
703-872-9306. 
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Information regarding the status of an application maybe obtained from the Patent Application Information 
Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or 
Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more 
information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

/fekiC" — \ 

Primary Examiner V , 




